def lower_privilege(startup_file, options)
Utils.lower_privilege_called
return if Process.euid != 0
if options["default_user"] && !options["default_user"].empty?
default_user = options["default_user"]
else
default_user = "nobody"
end
if options["default_group"] && !options["default_group"].empty?
default_group = options["default_group"]
else
default_group = Etc.getgrgid(Etc.getpwnam(default_user).gid).name
end
if options["user"] && !options["user"].empty?
begin
user_info = Etc.getpwnam(options["user"])
rescue ArgumentError
user_info = nil
end
else
uid = File.lstat(startup_file).uid
begin
user_info = Etc.getpwuid(uid)
rescue ArgumentError
user_info = nil
end
end
if !user_info || user_info.uid == 0
begin
user_info = Etc.getpwnam(default_user)
rescue ArgumentError
user_info = nil
end
end
if options["group"] && !options["group"].empty?
if options["group"] == "!STARTUP_FILE!"
gid = File.lstat(startup_file).gid
begin
group_info = Etc.getgrgid(gid)
rescue ArgumentError
group_info = nil
end
else
begin
group_info = Etc.getgrnam(options["group"])
rescue ArgumentError
group_info = nil
end
end
elsif user_info
begin
group_info = Etc.getgrgid(user_info.gid)
rescue ArgumentError
group_info = nil
end
else
group_info = nil
end
if !group_info || group_info.gid == 0
begin
group_info = Etc.getgrnam(default_group)
rescue ArgumentError
group_info = nil
end
end
if !user_info
raise SecurityError, "Cannot determine a user to lower privilege to"
end
if !group_info
raise SecurityError, "Cannot determine a group to lower privilege to"
end
NativeSupport.switch_user(user_info.name, user_info.uid, group_info.gid)
ENV['USER'] = user_info.name
ENV['HOME'] = user_info.dir
end